Help...computer infected with something...
Hi,
My computer has been running pretty slow and from time to time IE will pop up by itself and load up some web sites...
I know I am infected but unsure how to get rid of it.
I have tried adware and Norton AntiVirus...no luck.
Please help, thanks in advance!
Here are the 2 log files:
Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:00, on 2007-9-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\poco\psched\psched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\iesnap\navplay.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PPStream\PPStream.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\amld\.dll (file missing)
O3 - Toolbar: ¿ì³µ(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: ÒôÀÖÔ¿³× - {45CEDCCF-21BD-474C-B691-8CF787647E68} - C:\WINDOWS\system32\kvtffkqggvw.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [pshed] C:\Program Files\poco\psched\psched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] \\Jimmy\Open4Jimmy\software\MagicSet\SRIECLI.EXE /LOAD
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Update SP11.lnk = C:\Program Files\Common Files\xp11update.exe
O4 - Global Startup: À¶ÑÀ¿ØÖÆÅÌ.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &ʹÓÿ쳵(FlashGet)ÏÂÔØ - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &ʹÓÿ쳵(FlashGet)ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: ·¢Ë͵½ Bluetooth É豸(&B)... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: µ¼³öµ½ Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet ×ÊÔ´ËÑË÷ - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ¿ì³µ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: ¿ì³µ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Ò×Ȥ¹ºÎï - {DE607142-AC19-422e-869A-9D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE607142-AC19-422e-869A-9D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1009/aliedit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jiajiamonica.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jiajiamonica.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: fvxp - {0D4D8E44-9BD3-49D2-8097-B12F8A9A8533} - (no file)
O21 - SSODL: (no name) - {12311512-2C1D-44b2-A044-872AD2AD5A61} - (no file)
O21 - SSODL: sshn - {12311512-2C1D-44b2-A044-872AD2AD5A61} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod ·þÎñ (iPod Service) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 10261 bytes
Panda scan log:
Incident Status Location
Adware:Adware/Borlander Not disinfected C:\PROGRA~1\amld\atsk.dll
Adware:Adware/Borlander Not disinfected c:\progra~1\csrm\iyxs.dll
Adware:Adware/Borlander Not disinfected c:\progra~1\csrm\rhgb.dll
Adware:Adware/Borlander Not disinfected c:\progra~1\csrm\mcbw.dll
Virus:Generic Malware Disinfected Operating system
Adware:Adware/Borlander Not disinfected c:\windows\system32\iyxs.dll
Adware:adware/borlander Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Monica\Cookies\monica@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Monica\Cookies\monica@bs.serving-sys[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Monica\Cookies\monica@casalemedia[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Monica\Cookies\monica@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Monica\Cookies\monica@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Monica\Cookies\monica@mediaplex[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Monica\Cookies\monica@serving-sys[1].txt
Adware:Adware/Borlander Not disinfected C:\Documents and Settings\Monica\Local Settings\Temp\adgugc\adgugc.exe
Adware:Adware/BaiduBar Not disinfected C:\Documents and Settings\Monica\Local Settings\Temp\ad_2268.exe[insshell.exe]
Adware:Adware/Borlander Not disinfected C:\Documents and Settings\Monica\Local Settings\Temp\insmms5\setup.exe
Adware:Adware/Alexa Not disinfected C:\Documents and Settings\Monica\Local Settings\Temp\~temp.exe[sriecli.exe.tmp]
Virus:Generic Malware Disinfected C:\Program Files\.nls
Adware:Adware/Borlander Not disinfected C:\Program Files\amld\atsk.dll
Virus:Generic Malware Disinfected C:\Program Files\Common Files\lhgtums\fjdqclp.nls
Adware:Adware/Borlander Not disinfected C:\Program Files\csrm\iyxs.dll
Adware:Adware/Borlander Not disinfected C:\Program Files\csrm\mcbw.dll
Virus:Generic Malware Disinfected C:\Program Files\csrm\pfez.dll
Adware:Adware/Borlander Not disinfected C:\Program Files\csrm\rhgb.dll
Virus:Trj/Downloader.MDW Disinfected C:\Program Files\gentad\genneg.dll
Virus:Generic Malware Disinfected C:\Program Files\gentad\gensoo.dll
Virus:Generic Malware Disinfected C:\Program Files\gentad\gentub.dll
Adware:Adware/Alexa Not disinfected C:\Program Files\Super Rabbit\MagicSet\sriecli.exe
Virus:Generic Malware Disinfected C:\Program Files\WinRAR\Zip.SFX
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Installer\1c0db5.msi[unk_0053]
Virus:Generic Trojan Disinfected C:\WINDOWS\Temp\adgug3\adgug3.exe
Adware:Adware/Borlander Not disinfected C:\WINDOWS\Temp\adgugc\adgugc.exe
Adware:Adware/Borlander Not disinfected C:\WINDOWS\Temp\eclipse\eclipse.exe
Adware:Adware/Borlander Not disinfected C:\WINDOWS\Temp\ins1E.tmp
Adware:Adware/Borlander Not disinfected C:\WINDOWS\Temp\ins1F.tmp
Adware:Adware/Borlander Not disinfected C:\WINDOWS\Temp\ins20.tmp
Virus:Generic Malware Disinfected C:\WINDOWS\Temp\ins21.tmp
Adware:Adware/Borlander Not disinfected C:\WINDOWS\Temp\insA.tmp
Adware:Adware/Borlander Not disinfected C:\WINDOWS\Temp\insB.tmp
Adware:Adware/Borlander Not disinfected C:\WINDOWS\Temp\insC.tmp
Virus:Generic Malware Disinfected C:\WINDOWS\Temp\insD.tmp
Virus:Generic Malware Disinfected C:\WINDOWS\Temp\insE.tmp
Adware:Adware/Borlander Not disinfected C:\WINDOWS\Temp\jzyt\ndcx.dll
Adware:Adware/Borlander Not disinfected C:\~de12.tmp
Adware:Adware/Borlander Not disinfected C:\~de15.tmp
Adware:Adware/Borlander Not disinfected C:\~de16.tmp
Adware:Adware/Borlander Not disinfected C:\~de1B.tmp
Adware:Adware/Borlander Not disinfected C:\~de1C.tmp
Adware:Adware/Borlander Not disinfected C:\~de1E.tmp
Adware:Adware/Borlander Not disinfected C:\~de267.tmp
Adware:Adware/Borlander Not disinfected C:\~de2D.tmp
Adware:Adware/Borlander Not disinfected C:\~de35.tmp
Virus:Trj/Agent.EOK Disinfected C:\~de38.tmp
Adware:Adware/Borlander Not disinfected C:\~de3D.tmp
Adware:Adware/Borlander Not disinfected C:\~de47.tmp
Adware:Adware/Borlander Not disinfected C:\~de4B.tmp
Adware:Adware/Borlander Not disinfected C:\~de4F.tmp
Adware:Adware/Borlander Not disinfected C:\~de57.tmp
Adware:Adware/Borlander Not disinfected C:\~de59.tmp
Adware:Adware/Borlander Not disinfected C:\~de60.tmp
Adware:Adware/Borlander Not disinfected C:\~de62.tmp
Adware:Adware/Borlander Not disinfected C:\~de78.tmp
Adware:Adware/Borlander Not disinfected C:\~deAE.tmp
Adware:Adware/Borlander Not disinfected C:\~deB.tmp
Adware:Adware/Borlander Not disinfected C:\~deC.tmp
Adware:Adware/Borlander Not disinfected C:\~deE.tmp
Adware:Adware/Borlander Not disinfected C:\~deF.tmp
Adware:Adware/Borlander Not disinfected D:\SOFTWARE\StormCodec6.04.08.exe[mms.exe]
Adware:Adware/Borlander Not disinfected D:\SOFTWARE\StormCodec6.04.08.exe[mms.exe][2¨¨?]
Adware:Adware/BaiduBar Not disinfected D:\SOFTWARE\½ðɽ´Ê°Ô2006\Powerword 2006.msi[unk_0059]
I'll help you get rid of your problems.
Let's start with this:
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible.
Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.
Please open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:
O2 - BHO: - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\amld\.dll (file missing)
O3 - Toolbar: ÒôÀÖÔ¿³× - {45CEDCCF-21BD-474C-B691-8CF787647E68} - C:\WINDOWS\system32\kvtffkqggvw.dll
O4 - HKCU\..\Run: [Super Rabbit IEPro] \\Jimmy\Open4Jimmy\software\MagicSet\SRIECLI.EXE /LOAD
O4 - Global Startup: À¶ÑÀ¿ØÖÆÅÌ.lnk = ?
O9 - Extra button: Ò×Ȥ¹ºÎï - {DE607142-AC19-422e-869A-9D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE607142-AC19-422e-869A-9D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1009/aliedit.cab
Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
_______________________________
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
_______________________________
Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.
_______________________________
In Safe Mode:
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):
c:\Program Files\csrm
C:\Program Files\Common Files\lhgtums
C:\Program Files\.nls
C:\Program Files\gentad
C:\Program Files\Super Rabbit
D:\SOFTWARE\½ðɽ´Ê°Ô2006
And please delete these files:
C:\WINDOWS\system32\kvtffkqggvw.dll
c:\windows\system32\iyxs.dll
C:\WINDOWS\Installer\1c0db5.msi
D:\SOFTWARE\StormCodec6.04.08.exe
_________________________
Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
When you are finished, please reboot the computer normally, and post a new HijackThis log here in a reply. Also, please let me know of any problems you may have encountered.
__________________________
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!
Double-click ATF Cleaner.exe to open it.
Under Main select the following:
- Windows Temp
- Current User Temp
- All Users Temp
- Temporary Internet Files
- Prefetch
- Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Click Exit on the Main menu to close the program.
_________________________
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- Extended (if available otherwise Standard)
- Scan Archives
- Scan Mail Bases
- Click OK
- Now under select a target to scan: Select My Computer
- This program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
____________________________
Please, post a fresh hijackthis log and Kaspersky online scanner results.
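For readers following the selection step in the reply above, here is a small parser that splits HijackThis entries like the ones listed into section code, CLSID and triage hints. It is an added example, not part of the original thread and not HijackThis's own code; the section descriptions, the hint names and the `<name>` placeholder are assumptions of this example.

```python
import re

# Usual meaning of the HijackThis section codes that appear in the reply above.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O9": "extra IE button / Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
}

# Lines taken from the reply above; <name> stands in for a mis-encoded display name.
SAMPLE = r"""
O2 - BHO: - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\amld\.dll (file missing)
O4 - HKCU\..\Run: [Super Rabbit IEPro] \\Jimmy\Open4Jimmy\software\MagicSet\SRIECLI.EXE /LOAD
O9 - Extra button: <name> - {DE607142-AC19-422e-869A-9D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1009/aliedit.cab
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
UNC_RE = re.compile(r"(?:^|\s)\\\\[^\\\s]+\\")   # \\host\share\...


def parse_entry(line):
    """Split one log line into section code, CLSID and triage hints."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    hints = []
    if rest.endswith("(file missing)"):
        hints.append("file-missing")      # HijackThis found no such file on disk
    if UNC_RE.search(rest):
        hints.append("unc-path")          # program is loaded from a network share
    # O16 always records the control's download URL, so only flag URLs elsewhere.
    if code != "O16" and re.search(r"https?://", rest, re.I):
        hints.append("url-target")
    clsid = CLSID_RE.search(rest)
    return {"code": code, "kind": SECTIONS.get(code, "other"),
            "clsid": clsid.group(0) if clsid else None, "hints": hints}


def triage(log_text):
    """Parse every entry line in a pasted log; non-entry lines are skipped."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e]


if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(entry["code"], entry["kind"], entry["clsid"], entry["hints"])
```

The hints only sort entries for a closer look; they are not verdicts on whether an entry is malicious.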
I won't be able to test this until very late this week, probably not until Sat or Sun...Hope you don't mind.
Once again, thanks!!
The above thread is to be closed. Please stick with this one
Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Spyware & Virus Removal Forum
If you wish this topic reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new Thread instead